SHA256: b505727dec00dd84bc14660d49fbe931cf320b8c5643154978d1e1129523f1a7
File name: FA94796_4845.xls
Detection ratio: 8 / 58
Analysis date: 2017-09-20 13:58:27 UTC (1 year, 8 months ago)
Antivirus Result Version
Arcabit HEUR.VBA.Trojan.e 20170920
Baidu VBA.Trojan-Downloader.Agent.buz 20170920
ESET-NOD32 VBA/TrojanDownloader.Agent.EHR 20170920
Ikarus Trojan-Downloader.VBA.Agent 20170920
Microsoft TrojanDownloader:O97M/Donoff 20170920
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170920
Qihoo-360 virus.office.qexvmc.1065 20170920
TrendMicro-HouseCall Suspicious_GEN.F47V0920 20170920
Ad-Aware 20170920
AegisLab 20170920
AhnLab-V3 20170920
Alibaba 20170911
ALYac 20170920
Antiy-AVL 20170920
Avast 20170920
Avast-Mobile 20170829
AVG 20170920
Avira (no cloud) 20170920
AVware 20170919
BitDefender 20170920
CAT-QuickHeal 20170920
ClamAV 20170920
CMC 20170920
Comodo 20170920
CrowdStrike Falcon (ML) 20170804
Cylance 20170920
Cyren 20170920
DrWeb 20170920
Emsisoft 20170920
Endgame 20170821
F-Prot 20170920
F-Secure 20170920
Fortinet 20170920
GData 20170920
Sophos ML 20170914
Jiangmin 20170920
K7AntiVirus 20170920
K7GW 20170920
Kaspersky 20170920
Kingsoft 20170920
Malwarebytes 20170920
MAX 20170920
McAfee 20170920
McAfee-GW-Edition 20170920
eScan 20170920
nProtect 20170920
Palo Alto Networks (Known Signatures) 20170920
Panda 20170919
Rising 20170920
SentinelOne (Static ML) 20170806
Sophos AV 20170920
SUPERAntiSpyware 20170920
Symantec 20170920
Symantec Mobile Insight 20170920
Tencent 20170920
TheHacker 20170916
TrendMicro 20170920
Trustlook 20170920
VBA32 20170920
VIPRE 20170920
ViRobot 20170920
Webroot 20170920
WhiteArmor 20170829
Yandex 20170908
Zillya 20170920
ZoneAlarm by Check Point 20170920
Zoner 20170920
The file being studied follows the Compound Document File format. More specifically, it is an MS Excel Spreadsheet file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
Automatically runs commands or instructions when the file is opened.
May try to run other files, shell commands or applications.
Seems to contain deobfuscation code.
Summary
application_name: Microsoft Excel
creation_datetime: 2006-09-16 01:00:00
code_page: Cyrillic
last_saved: 2017-09-20 10:11:34
Document summary
version: 917504
code_page: Cyrillic
OLE Streams
name: Root Entry; clsid: 00020820-0000-0000-c000-000000000046; type_literal: root; clsid_literal: MS Excel; sid: 0; size: 8000
type_literal: stream; sid: 16; name: \x01CompObj; size: 107
type_literal: stream; sid: 15; name: \x05DocumentSummaryInformation; size: 224
type_literal: stream; sid: 14; name: \x05SummaryInformation; size: 200
type_literal: stream; sid: 1; name: Workbook; size: 35769
type_literal: stream; sid: 13; name: _VBA_PROJECT_CUR/PROJECT; size: 425
type_literal: stream; sid: 12; name: _VBA_PROJECT_CUR/PROJECTwm; size: 62
type_literal: stream; sid: 7; type: macro (only attributes); name: _VBA_PROJECT_CUR/VBA/Sheet1; size: 977
type_literal: stream; sid: 4; type: macro; name: _VBA_PROJECT_CUR/VBA/ThisWorkbook; size: 5776
type_literal: stream; sid: 8; name: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT; size: 2731
type_literal: stream; sid: 10; name: _VBA_PROJECT_CUR/VBA/__SRP_0; size: 1370
type_literal: stream; sid: 11; name: _VBA_PROJECT_CUR/VBA/__SRP_1; size: 106
type_literal: stream; sid: 5; name: _VBA_PROJECT_CUR/VBA/__SRP_2; size: 508
type_literal: stream; sid: 6; name: _VBA_PROJECT_CUR/VBA/__SRP_3; size: 397
type_literal: stream; sid: 9; name: _VBA_PROJECT_CUR/VBA/dir; size: 524
Macros and VBA code streams
[+] ThisWorkbook.cls _VBA_PROJECT_CUR/VBA/ThisWorkbook 2396 bytes
url-pattern auto-open obfuscated run-file
ExifTool file metadata
MIMEType: application/vnd.ms-excel
CompObjUserType: Microsoft Excel 2003 Worksheet
ModifyDate: 2017:09:20 09:11:34
TitleOfParts: 2017-09
SharedDoc: No
FileType: XLS
AppVersion: 14.0
LinksUpToDate: No
ScaleCrop: No
CompObjUserTypeLen: 31
HeadingPairs: Worksheets, 1
FileTypeExtension: xls
HyperlinksChanged: No
CreateDate: 2006:09:16 00:00:00
Security: None
CodePage: Windows Cyrillic
Software: Microsoft Excel

File identification
MD5 baac29a4aa2f0d28567d0d2687637a6d
SHA1 591e4f4515ed1fdcb4392bcc0be6ea02a5f14938
SHA256 b505727dec00dd84bc14660d49fbe931cf320b8c5643154978d1e1129523f1a7
ssdeep 1536:uwdvxHlcaQPy0iWYOcG4BDhnxD7oOEYxEtjPOtioVjDGUU1qfDlaGGx+cL2QnAm2:uwdvxHlcaAy0iWYOcG4BDhnxD7oOEYxI

File size 53.0 KB ( 54272 bytes )
File type MS Excel Spreadsheet
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.0, Code page: 1251, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Sep 15 00:00:00 2006, Last Saved Time/Date: Tue Sep 19 09:11:34 2017, Security: 0

TrID Microsoft Excel sheet (50.0%)
Microsoft Excel sheet (alternate) (37.6%)
Generic OLE2 / Multistream Compound File (12.3%)
Tags
obfuscated run-file auto-open url-pattern macros attachment xls

VirusTotal metadata
First submission 2017-09-20 09:22:09 UTC (1 year, 8 months ago)
Last submission 2018-05-04 23:30:27 UTC (1 year ago)
File names 591e4f4515ed1fdcb4392bcc0be6ea02a5f14938
FA41843_0909.xls
FA58492_9733.xls
FA82505_1295.xls
FA50363_5499.xls
FA27308_9347.xls
MALWARE SAMPLE 20_09_2017 (66)
aprimi.xls
__substg1.0_37010102
FA94796_4845.xls
FA84517_8408.xls
b505727dec00dd84bc14660d49fbe931cf320b8c5643154978d1e1129523f1a7.xls
FA86915_8226.xls
FA41147_6705.xls
FA71125_0453.xls